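Generating a token
Verifying identity with a token is a common pattern in front-end/back-end interaction.
A token has the following properties:
- It expires
- It is encrypted
- User information can be retrieved from it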
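How to generate one:

    # Imports:
    from datetime import datetime, timedelta, timezone

    import jwt
    from flask import current_app


    def generate_token(payload, expiry):
        """Sign a copy of payload with HS256; expiry is an aware UTC datetime."""
        key = current_app.config.get('SECRET_KEY')
        # Copy so the caller's dict is not changed between calls
        claims = dict(payload)
        # 'exp' is the registered claim that jwt.decode() checks;
        # a custom 'expiry' key is carried along but never enforced
        if 'exp' not in claims:
            claims['exp'] = expiry
        try:
            token = jwt.encode(claims, key, algorithm='HS256')
            return token
        except Exception as e:
            # Log the error raised while generating the token
            print('获取token报错信息e', e)
            # Re-raise: returning e would hand the exception to the caller as a token
            raise

Verifying the token:

    def check_token(token):
        """Verify the token."""
        key = current_app.config.get('SECRET_KEY')
        # Raises jwt.ExpiredSignatureError once 'exp' has passed and
        # jwt.InvalidTokenError for a bad signature or a malformed token
        payload = jwt.decode(token, key, algorithms=['HS256'])
        return payload

Generating a refresh token:

    def _generate_token(payload, is_refresh=True):
        """Generate a token and, by default, a refresh token."""
        # Set the validity period
        expiry = datetime.now(timezone.utc) + timedelta(seconds=30)
        token = generate_token(payload, expiry)
        # A refresh token is generated by default
        if is_refresh:
            # The refresh token is valid for 15 days
            expiry = datetime.now(timezone.utc) + timedelta(days=15)
            # Add the refresh marker to a separate copy of the payload
            refresh_payload = dict(payload, is_refresh=True)
            refresh_token = generate_token(refresh_payload, expiry)
        else:
            refresh_token = None
        return token, refresh_token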